Stop data loss with DLP for Drive

DLP for Drive rule nested condition operator examples

Use AND, OR, or NOT operators with rule conditions for DLP for Drive

Supported editions for this feature: Enterprise; Education Fundamentals, Standard, Teaching and Learning Upgrade, and PlusCompare your edition

When you create data loss prevention rules for DLP,  you add conditions that trigger these rules. Conditions can nest in other conditions, using AND, OR, or NOT operators. This article describes some examples of common use cases for these operators in the conditions in DLP for Drive rules.

Functions of the AND, OR, and NOT operators

Operator What it does
AND An action occurs only when all the conditions that are combined with an AND operator are met. For example, a condition can block sharing if a document body contains the word Confidential AND Acme. Only documents containing both the keywords are blocked from sharing. If a document contains only the word Confidential, sharing is not blocked.
OR An action occurs if either of the conditions are met. For example, a condition can block sharing if the document contains the word Confidential or Acme. Documents containing either word or both words are blocked.
NOT This condition is excluded from evaluation before an action occurs.

Tip: If you change your mind about about adding a condition, click Cancel to remove it and start again.

DLP for Drive rule condition examples

Example 1: DLP rule condition with AND and OR operators 

In this use case, the rule is triggered when a document title contains the word confidential, and the document body contains a United States passport number or a United States Social Security Number.

Here is a conceptual diagram of this use case:

To configure this use case:

  1. In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
  2. Specify these values for the condition fields:
    • Field—Title
    • Value—Contains word
    • Enter contents to match—confidential
  3. Click Add Condition.
  4. In the second condition, click Add condition group Embed. This creates a group of two new conditions subordinate to the first condition.
  5. In the new group of conditions, change AND to OR
  6. Specify these values for the first grouped condition:
    • Field—Body
    • Value—Matches default detector
    • Default detector—Scroll and choose United States-Passport
    • Likelihood Threshold—Possible
    • Minimum unique matches—1
    • Minimum match count—1
  7. Specify these values for the second grouped condition:
    • Field—Body
    • Value—Matches default detector
    • Default detector—Scroll and choose United States--Social Security Number
    • Likelihood Threshold—Possible
    • Minimum unique matches—1
    • Minimum match count—1
  8. Click Continue to continue configuring your rule.
Example 2: DLP rule condition with an AND operator and multiple NOT operators

In this use case, the rule is triggered when the document title contains the word confidential, but doesn’t contain the word published.  And, the body of the document doesn’t contain the string safe to share. 

Here is a conceptual diagram of this use case:

To configure this use case:

  1. In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
  2. Specify these values for the condition fields:
    • Field—Title
    • Value—Contains word
    • Enter contents to match—confidential
  3. Click Add Condition.
  4. Click Not "" in the new condition.
  5. Specify these values for the first Not operator:
    • Field—Title
    • Value—Contains
    • Enter contents to match—published
  6. Click Add Condition.
  7. Click Not "" in the new condition.
  8. Specify these values for the second Not operator:
    • Field—Body
    • Value—Contains
    • Enter contents to match—safe to share
  9. Click Continue to continue configuring your rule.
Example 3: DLP rule condition with NOT and OR operators

In this use case, the rule is triggered when the document title doesn’t contain the words safe, published, or non-confidential

Here is a conceptual diagram of this use case:

To configure this use case:

  1. In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
  2. Click Not "".
  3. Click Add condition group Embed.
  4. Change AND to OR.
  5. Specify the values for the first OR operator:
    • Field—Title
    • Value—Contains word
    • Enter contents to match—published
  6. Specify the values for the second OR operator:
    • Field—Title
    • Value—Contains word
    • Enter contents to match—safe
  7. Click Add Condition.
  8. Specify these values for the third OR operator:
    • Field—Title
    • Value—Contains
    • Enter contents to match—non-confidential
  9. Click Continue to continue configuring your rule.

Related information

Thông tin này có hữu ích không?
Chúng tôi có thể cải thiện trang này bằng cách nào?

Bạn cần trợ giúp thêm?

Đăng nhập để xem thêm tùy chọn hỗ trợ giúp nhanh chóng giải quyết sự cố